Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 132 additions & 0 deletions .forgejo/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
---
name: CI

# Forgejo Actions is GitHub-Actions compatible. The CI workflow mirrors
# the GitHub one but:
# - uses `runs-on: docker` (the common Forgejo runner label)
# - omits OIDC / packages permission blocks (Forgejo handles them
# differently; the CI flow doesn't touch the registry anyway)
# - skips govulncheck during PRs to avoid relying on an external HTTPS
# proxy that some self-hosted Forgejo runners block — enable it if
# your runners have egress.

on:
workflow_dispatch:
push:
branches:
- main
- "feature/**"
paths-ignore:
- "**/*.md"
- "Makefile"
- "LICENSE*"
pull_request:
branches:
- main
- "feature/**"
paths-ignore:
- "**/*.md"
- "Makefile"
- "LICENSE*"

concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
lint:
name: Lint
runs-on: docker
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true

- name: gofmt
run: |
unformatted=$(gofmt -l .)
if [ -n "$unformatted" ]; then
echo "These files are not gofmt'd:"
echo "$unformatted"
exit 1
fi

- name: go vet
run: go vet ./...

test:
name: Test
runs-on: docker
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true

- name: Test (race detector + coverage)
run: go test -race -coverprofile=coverage.out -covermode=atomic ./...

- name: Upload coverage report
if: always()
uses: actions/upload-artifact@v4
with:
name: coverage-report
path: coverage.out
retention-days: 7

build:
name: Build (smoke)
runs-on: docker
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true

- name: Build linux/amd64
env:
GOOS: linux
GOARCH: amd64
CGO_ENABLED: "0"
run: go build -trimpath -ldflags="-s -w" -o /tmp/probe-service-amd64 ./cmd/probe-service

- name: Build linux/arm64
env:
GOOS: linux
GOARCH: arm64
CGO_ENABLED: "0"
run: go build -trimpath -ldflags="-s -w" -o /tmp/probe-service-arm64 ./cmd/probe-service

goreleaser-check:
name: GoReleaser config check
runs-on: docker
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod

- name: Validate .goreleaser.forgejo.yaml
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: "~> v2"
args: check --config .goreleaser.forgejo.yaml
77 changes: 77 additions & 0 deletions .forgejo/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
---
name: Release

# Strict SemVer tags only.
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"

concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false

jobs:
release:
name: GoReleaser
runs-on: docker
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: arm64

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Derive the Forgejo container-registry host and API endpoints from
# the Forgejo-provided environment so that the same workflow file
# works against any Forgejo instance (Codeberg, self-hosted, …).
#
# Required repository secret: FORGEJO_TOKEN — a token with scopes
# - write:repository (to create the release)
# - write:package (to push to the container registry)
- name: Compute Forgejo endpoints
id: forgejo
run: |
registry=$(echo "${{ github.server_url }}" | sed -E 's|^https?://||')
api="${{ github.server_url }}/api/v1"
download="${{ github.server_url }}"
repo_lower=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
{
echo "registry=${registry}"
echo "api=${api}"
echo "download=${download}"
echo "repo_lower=${repo_lower}"
} >> "$GITHUB_OUTPUT"

- name: Login to Forgejo container registry
uses: docker/login-action@v3
with:
registry: ${{ steps.forgejo.outputs.registry }}
username: ${{ github.actor }}
password: ${{ secrets.FORGEJO_TOKEN }}

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: "~> v2"
args: release --clean --config .goreleaser.forgejo.yaml
env:
GITEA_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
GITEA_API_URL: ${{ steps.forgejo.outputs.api }}
GITEA_DOWNLOAD_URL: ${{ steps.forgejo.outputs.download }}
DOCKER_REGISTRY: ${{ steps.forgejo.outputs.registry }}
DOCKER_REPO: ${{ steps.forgejo.outputs.repo_lower }}
152 changes: 152 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
---
name: CI

# CI runs on every push to a development branch and every PR targeting one
# of those branches. It does NOT run on tag pushes (release.yml handles
# those) and it never touches container registries or releases.
on:
workflow_dispatch:
inputs:
logLevel:
description: "Log level"
required: true
default: "info"
type: choice
options: [debug, info, warning, error]

push:
branches:
- main
- "feature/**"
paths-ignore:
- "**/*.md"
- "Makefile"
- "LICENSE*"

pull_request:
branches:
- main
- "feature/**"
paths-ignore:
- "**/*.md"
- "Makefile"
- "LICENSE*"

permissions:
contents: read

concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
lint:
name: Lint
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v6.0.2

- name: Set up Go
uses: actions/setup-go@v6.4.0
with:
go-version-file: go.mod
cache: true

- name: gofmt
run: |
unformatted=$(gofmt -l .)
if [ -n "$unformatted" ]; then
echo "::error::These files are not gofmt'd:"
echo "$unformatted"
exit 1
fi

- name: go vet
run: go vet ./...

- name: govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

test:
name: Test
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v6.0.2

- name: Set up Go
uses: actions/setup-go@v6.4.0
with:
go-version-file: go.mod
cache: true

- name: Test (race detector + coverage)
run: go test -race -coverprofile=coverage.out -covermode=atomic ./...

- name: Upload coverage report
if: always()
uses: actions/upload-artifact@v7.0.1
with:
name: coverage-report
path: coverage.out
retention-days: 7

build:
name: Build (smoke)
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v6.0.2

- name: Set up Go
uses: actions/setup-go@v6.4.0
with:
go-version-file: go.mod
cache: true

# Cross-compile both target architectures to catch arch-specific
# build breakage in the same PR that introduced it.
- name: Build linux/amd64
env:
GOOS: linux
GOARCH: amd64
CGO_ENABLED: "0"
run: go build -trimpath -ldflags="-s -w" -o /tmp/probe-service-amd64 ./cmd/probe-service

- name: Build linux/arm64
env:
GOOS: linux
GOARCH: arm64
CGO_ENABLED: "0"
run: go build -trimpath -ldflags="-s -w" -o /tmp/probe-service-arm64 ./cmd/probe-service

goreleaser-check:
name: GoReleaser config check
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v6.0.2
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@v6.4.0
with:
go-version-file: go.mod

- name: Validate .goreleaser.yaml
uses: goreleaser/goreleaser-action@v7.2.1
with:
distribution: goreleaser
version: "~> v2"
args: check

- name: Validate .goreleaser.forgejo.yaml
uses: goreleaser/goreleaser-action@v7.2.1
with:
distribution: goreleaser
version: "~> v2"
args: check --config .goreleaser.forgejo.yaml
Loading